# e E&Y Global Audit Methodology: Responding to the New Environment University of Illinois at Urbana-Champaign March 10, 2005 University of Illinois at Urbana-Champaign March 10, 2005
# e 2 Topics Regulatory Backdrop –Historical Timeline of Key Events –Sarbanes-Oxley Act of 2002 –Creation of PCAOB Responding to the New Environment –Recent Changes to E&Y Global Audit Methodology –Integrated Audit of Internal Control and Financial Statements –Identifying and Responding to Fraud Risks –Other E&Y Firm Changes to Improve Quality Discussion/Questions Regulatory Backdrop –Historical Timeline of Key Events –Sarbanes-Oxley Act of 2002 –Creation of PCAOB Responding to the New Environment –Recent Changes to E&Y Global Audit Methodology –Integrated Audit of Internal Control and Financial Statements –Identifying and Responding to Fraud Risks –Other E&Y Firm Changes to Improve Quality Discussion/Questions
# e & 1934 Securities Acts First auditing standards issued Auditing standards consolidated Auditing standards consolidated, name changed to AudSEC AudSEC, now ASB, sets rules for audits AICPA issued accounting standards FCPA issued, POB created, peer review required by AICPA Accounting standards moved from AICPA to FASB QCIC established CPE required by all AICPA members Stock market crash Creation of the SEC Sarbanes - Oxley Act, PCAOB formed Regulatory Backdrop: Timeline of Key Events Speculative boom leads to crash Nervous investors, low integrity market 1934–1995 Growth in capital markets increases need for standards, quality, and controls 1995–00 Dot.com era ENRON Worldcom Andersen 2002-Now Corporate reform, economic rebuild
# e 4 Sarbanes-Oxley Act of 2002 (SOA) Most significant federal securities legislation since 1933/34 Securities Acts; Renewed focus on corporate governance practices and financial reporting integrity and transparency SOA aims to: –Improve reporting/disclosures (e.g., new requirement to report on internal control – Section 404) –Strengthen corporate governance (e.g., new standards for audit committee practices) –Expand insider accountability (e.g., new requirements for code of ethics and protection for whistleblowers) –Increase oversight (e.g., creation of PCAOB; increased SEC review of company filings on 10-K/10-Q) –Broaden sanctions/penalties (e.g., criminal penalties strengthened when management issues false financial reports) –Heighten auditor independence (e.g., certain services can no longer be performed by auditors) Most significant federal securities legislation since 1933/34 Securities Acts; Renewed focus on corporate governance practices and financial reporting integrity and transparency SOA aims to: –Improve reporting/disclosures (e.g., new requirement to report on internal control – Section 404) –Strengthen corporate governance (e.g., new standards for audit committee practices) –Expand insider accountability (e.g., new requirements for code of ethics and protection for whistleblowers) –Increase oversight (e.g., creation of PCAOB; increased SEC review of company filings on 10-K/10-Q) –Broaden sanctions/penalties (e.g., criminal penalties strengthened when management issues false financial reports) –Heighten auditor independence (e.g., certain services can no longer be performed by auditors)
# e 5 Public Company Accounting Oversight Board Created by SOA New regulator for public accounting profession Three key functions of PCAOB: 1.Establish standards for Accounting Firms (auditing, quality control, ethics, and independence) 2.Conduct inspections of firms to assess compliance with professional standards 3.Take action to enforce PCAOB rules/standards Created by SOA New regulator for public accounting profession Three key functions of PCAOB: 1.Establish standards for Accounting Firms (auditing, quality control, ethics, and independence) 2.Conduct inspections of firms to assess compliance with professional standards 3.Take action to enforce PCAOB rules/standards
# e 6 PCAOB – Standards Adopted to Date In April 2003, the PCAOB adopted substantially all pre-existing standards issued by the AICPA Auditing Standards Board (ASB) to initially establish the “standards of the PCAOB”. Key new standards/rules adopted by PCAOB to date: –Standard #1, References in Auditors’ Reports to the Standards of the PCAOB (December 2003) - now refer to the standards of the PCAOB, rather than to U.S. generally accepted auditing standards –Standard #2, Audits of Internal Control Over Financial Reporting (March 2004) - guidance for auditors to report on internal control over financial reporting as required by Section 404 –Standard #3, Audit Documentation (June 2004) – increases documentation requirements on audits –Rule 3101, Rules Regarding Terms Used in Standards (June 2004) – establishes specific professional requirements when certain terms are used in standards (e.g., “should”, “must”) In April 2003, the PCAOB adopted substantially all pre-existing standards issued by the AICPA Auditing Standards Board (ASB) to initially establish the “standards of the PCAOB”. Key new standards/rules adopted by PCAOB to date: –Standard #1, References in Auditors’ Reports to the Standards of the PCAOB (December 2003) - now refer to the standards of the PCAOB, rather than to U.S. generally accepted auditing standards –Standard #2, Audits of Internal Control Over Financial Reporting (March 2004) - guidance for auditors to report on internal control over financial reporting as required by Section 404 –Standard #3, Audit Documentation (June 2004) – increases documentation requirements on audits –Rule 3101, Rules Regarding Terms Used in Standards (June 2004) – establishes specific professional requirements when certain terms are used in standards (e.g., “should”, “must”)
# e 7 Responding to the New Environment Recent Changes to E&Y Global Audit Methodology –Changes focus on importance of professional skepticism, audit quality, and diligent execution of procedures –Increased emphasis on: planning and coordinating multi-location engagements procedures to test and report on internal controls (for public companies) preparation and retention of documentation (presumption: if not documented, not done) independent review partner and national consultation requirements identifying and responding to fraud risks, including the use of journal entries to override controls testing estimates, fair values, and income tax accounts Recent Changes to E&Y Global Audit Methodology –Changes focus on importance of professional skepticism, audit quality, and diligent execution of procedures –Increased emphasis on: planning and coordinating multi-location engagements procedures to test and report on internal controls (for public companies) preparation and retention of documentation (presumption: if not documented, not done) independent review partner and national consultation requirements identifying and responding to fraud risks, including the use of journal entries to override controls testing estimates, fair values, and income tax accounts
# e 8 PCAOB Std #2 – Performing an Integrated Audit Audit Of Internal Control Over Financial Reporting Auditor opinion on management’s assessment that company maintained effective internal control as of year-end Financial Statement Audit Auditor opinion on whether company financial statements present fairly, in all material respects, the financial position, results of operations, and cash flows Financial Statement Audit Auditor opinion on whether company financial statements present fairly, in all material respects, the financial position, results of operations, and cash flows An Integrated Audit Adds:
# e 9 Integrated Audit - Significant Increase in Internal Control Work I/C Testing Account Balance Testing Financial and Internal Control Reporting Historical2004 Combination of Internal Control and Account Balance Testing for the Best Audit Coverage and Efficiency 2005 Risk Assessment Customize Audit Approach Both Internal Control Testing and Account Balance Testing Required Understand the Business Understand the Control Structure Financial Statement Audit I/C Testing Account Balance Testing First Year of Integrated Audit Both Internal Control Testing and Account Balance Testing Required Account Balance Testing Second Year of Integrated Audit Range of Synergies Anticipated I/C Testing
# e 10 Integrated Audit - Key Changes Affecting Management and Auditor Both must test controls over ALL significant accounts/disclosures and assertions –Management must have controls documented, in place, and operating effectively throughout the organization Management must have their own resources/controls to get financial statements right –Cannot simply “rely” on auditor to adjust financial statements can be Material Weakness in internal control and potentially an independence issue Auditor evaluates effectiveness of audit committee New rules have changed the auditor’s ability to leverage work of internal audit New requirements to evaluate and communicate control deficiencies identified Both must test controls over ALL significant accounts/disclosures and assertions –Management must have controls documented, in place, and operating effectively throughout the organization Management must have their own resources/controls to get financial statements right –Cannot simply “rely” on auditor to adjust financial statements can be Material Weakness in internal control and potentially an independence issue Auditor evaluates effectiveness of audit committee New rules have changed the auditor’s ability to leverage work of internal audit New requirements to evaluate and communicate control deficiencies identified
# e 11 Identifying and Responding to Fraud Risks SAS 99 was issued by ASB to increase emphasis on fraud risks during the audit 2004 calendar year is second full year of implementation for SAS 99 Auditor’s responsibilities did not change with SAS 99– “to plan and perform the audit to obtain reasonable assurance” that financial statements are not materially misstated, whether caused by error or fraud Fraud a top priority for PCAOB focus area in PCAOB inspections; may see additional rulemaking by PCAOB in 2005 SAS 99 was issued by ASB to increase emphasis on fraud risks during the audit 2004 calendar year is second full year of implementation for SAS 99 Auditor’s responsibilities did not change with SAS 99– “to plan and perform the audit to obtain reasonable assurance” that financial statements are not materially misstated, whether caused by error or fraud Fraud a top priority for PCAOB focus area in PCAOB inspections; may see additional rulemaking by PCAOB in 2005
# e 12 Most Common Fraud Areas Revenue Recognition (Deliberate Overstatement) #1 Area of Fraud Can be fictitious transactions or legitimate transactions that are recorded incorrectly (e.g., accelerating revenue recognition or misclassifying revenue in the income statement) Understatement of Expenses Significant Estimates Related Party Transactions/Self-Dealing Fair Values Most fraud is perpetrated and/or concealed with inappropriate journal entries and other adjustments Revenue Recognition (Deliberate Overstatement) #1 Area of Fraud Can be fictitious transactions or legitimate transactions that are recorded incorrectly (e.g., accelerating revenue recognition or misclassifying revenue in the income statement) Understatement of Expenses Significant Estimates Related Party Transactions/Self-Dealing Fair Values Most fraud is perpetrated and/or concealed with inappropriate journal entries and other adjustments
# e 13 Professional Skepticism Documentation “Fraud House” – Summary of SAS 99 Team Discussion Brainstorming session to consider risks of material misstatement due to fraud Identifying Fraud Risks Inquiries of management and others; Results of Analytical Procedures; Fraud Risk Factors; Other Information Respond to Fraud Risks Overall Responses (assignment of personnel such as IT or forensic specialists, build unpredictability into approach, etc.) Specific Responses (nature, timing, and extent of procedures for each risk) Mandatory Responses Test JE’s and Other Adjustments Retrospective Review of Significant Estimates for evidence of mgmt bias Evaluate business rationale for Significant Unusual Transactions
# e 14 Other E&Y Responses to the Changing Environment Other E&Y Firm Changes to Improve Quality –Taking significant steps to strengthen our independence policies and procedures –Focusing more directly on the audit committee as our client, and –Taking a more rigorous “risk management” approach when deciding whether to accept new clients or continue a relationship with existing clients Other E&Y Firm Changes to Improve Quality –Taking significant steps to strengthen our independence policies and procedures –Focusing more directly on the audit committee as our client, and –Taking a more rigorous “risk management” approach when deciding whether to accept new clients or continue a relationship with existing clients
# e 15 Discussion/Questions